ICMP and connection tracking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Are ICMP packets related to new and established TCP connections and UDP traffic considered to be part of them, or do I need to have explicit rules like

-A INPUT -p icmp -m state --state RELATED -j ACCEPT

for things like path MTU discovery, traceroute, ICMP port unreachables, and so on to work properly?

Any downsides of using generic rule like above (if it is needed)?

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux